What is a DDoS attack and how does it work?

Distributed Denial of Service, or DDoS

In the world of computer security, a Distributed Denial of Service, also known as a DDoS attack, refers to an attack aimed at a system of computers or a network that rends a service unavailable to legitimate users. It normally leads to a loss of connection with the network by using the entirety of the victim’s broadband or overloading the computingresources of the victim’s system.

DDoS attacksare generated through port saturation with multiple information pathways, overloading the server so that it cannot continue providing service. That’s why it’s called “denial of service”, as it makes the server unable to attend to the enormous amounts of requests.

This technique is used by crackers or cyber-pirates in order to out their victims’ servers out of service. In the global scale, this problem has only grown, in part due to the increased ease to commit them and also because of the large amount of available equipment with bad configurations or safety cracks that can be exploited with these attacks. An increase has been noted on attacks made by reflection and amplification rather than the usual use of botnets.

How does a DDoS attack work?

The network resources (such as web providers) have a finite limit of requests they can handle at a single time. Besides the server’s limit, the channel that connects the server to the internet has limited broadband. When the amount of requests goes beyond the limits of any of the infrastructure’s parts, the service levels will probably be affected in any of the following ways:

The answer to the requests will be much slower than usual.

It’s possible that some (or all) user requests will be ignored.

As a general rule, the main goal of an attacker is to completely shut off the web resource’s regular service, a total “denial” of service. The attacker may also demand payment in order to stop the attack. In some cases, the aim of the DDoS attack can be to discredit or harm a competitor’s business.

Sometimes, this tool has been used for good, such as to test the traffic capabilities that a computer can handle before becoming unstable and affecting the services it provides. A network admin can therefore use this tool to test each machine’s real capabilities.